FBI Warns That Hackers Target Open FTP Servers

In a Private Industry Notification, the Federal Bureau of Investigation revealed that it was aware of threat actors targeting specific healthcare facilities. The FBI explained that these “hackers” hunted for open FTP servers at medical and dental practices across the United States. From there, the intruders stole sensitive medical information and used it for extortion, identity theft, or simply a darknet marketplace listing.

According to the FBI, the hackers take advantage of anonymous FTP servers for “the purposes of intimidating, harassing, and blackmailing business owners.” At DeepDotWeb, we mainly cover hacked healthcare records that land on the darknet. TheDarkOverlord (TDO) is one of the best-known examples of a hacker who breached healthcare practices for the purpose of extortion.

DeepDotWeb interviewed the entity at one point about his attacks on healthcare practices across the United States. TDO broke into (mainly orthopedic) practices through exposed Remote Desktop Protocol, not FTP. TDO then listed the stolen dumps on the darknet, often on the TheRealDeal marketplace, and the listings served his extortion needs.

The hacker explained that “contact was attempted with the victim organization. However, they declined to respond. The attempt was made with each of their board of director members.”

“Why not just pay?” he asked in the encrypted chat with DeepDotWeb. “Money makes it all go away and it is a modest cost compared to the total financial damage you will suffer if you do not pay to keep it from getting leaked.”

The entity's most notable haul was 9.3 million healthcare records from a single organization in the United States. Dissent Doe, a security researcher and analyst, verified information from the breach. Although she tested only a sample provided by the person(s), she effectively proved that the stolen data was legitimate. Confirmation from her website, and from anyone else who reported the story, only raised the price a company would have to pay to buy back the stolen data. If a company refused to comply with TDO's demands, darknet sales provided fall-back income.

TDO matched only part of the FBI's summary, but the extortion or blackmail aspect worked the same way: many companies hide breaches for an indefinite period of time for obvious legal and reputational reasons.

The Private Industry Notification pointed to a 2015 study from the University of Michigan that focused on open FTP servers. The researchers found 1 million FTP servers that allowed anonymous access. An FTP server in anonymous mode accepts a login with the username “anonymous” (or “ftp”) and any password, conventionally an e-mail address, so anyone, an attacker in this example, can read whatever is stored there without holding real credentials. The notice closed with a recommendation in line with the study:

âThe FBI recommends medical and dental healthcare entities request their respective IT services personnel to check networks for FTP servers running in anonymous mode. If businesses have a legitimate use for operating a FTP server in anonymous mode, administrators should ensure sensitive PHI or PII is not stored on the server.â


3 comments

Welcome to 1999, you dumdums. Anyone still using an FTP server is an idiot. It’s either SFTP, SCP, an SSH session, or some other secure service. Even those aren’t 100% secure from zero-days–you have to keep them updated constantly.

If you are running FTP and Telnet, then you’re doing it 100% wrong and you deserve to be hacked, and the sysadmin deserves to be blamed for going against nearly two decades of warnings about ‘best practices’ and going completely against them.

People doing cybersecurity wrong is why their customers’ data keeps getting taken. Sometimes I think it’s done on purpose–purposefully doing cybersecurity wrong so that when info is taken by a third-party insider there’s plausible deniability; kind of like Hillary Clinton’s ‘open Blackberry policy’.